Solution
Please Install the Updated Packages.
Insight
Red Hat Network Client Tools provide programs and libraries that allow your system to receive software updates from the Red Hat Network (RHN).
It was discovered that rhn-client-tools set insecure permissions on the loginAuth.pkl file, used to store session credentials for authenticating connections to Red Hat Network servers. A local, unprivileged user could use these credentials to download packages from the Red Hat Network. They could also manipulate package or action lists associated with the system's profile. (CVE-2010-1439)
Users of rhn-client-tools are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Affected
rhn-client-tools on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-1439 -
CVSS Base Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities